Saturday, October 1

China punishes Alibaba for late reporting of the Log4Shell vulnerability: it disclosed to the software developers first

China has suspended for at least six months the collaboration agreement it had with Alibaba to exchange information on cybersecurity and data in the cloud. The Chinese Government made this decision after Jack Ma's company did not immediately notify it that it had detected the Log4Shell vulnerability that has shaken the world for several weeks; Alibaba first informed the developers of the affected software, the Apache Foundation, as explained in Genbeta.

Alibaba was the first company to detect the Log4Shell vulnerability. Chen Zhaojun, an Alibaba Cloud Security Team technician, was the one who first learned of it on November 25, and he quickly alerted the software's developers so they could respond. The Apache Foundation released a patch just 24 hours later, but the damage, as we’ve seen in recent weeks, was already done, affecting thousands of companies and institutions.

Although Zhaojun followed the usual cybersecurity processes, the Chinese government accuses Alibaba of failing to immediately report or resolve the cybersecurity vulnerability, which has led to the suspension of the aforementioned agreement. This resolution, although it may seem surprising, is not arbitrary, since it responds to a rule that the Asian country approved a few months ago and that forces software and telecom providers affected by critical vulnerabilities to report first to government authorities.

China defends the decision as a measure to protect national security against attacks by cybercriminals. And, in fact, it is common for state IT and cybersecurity service providers to be obliged to report gaps and vulnerabilities that may affect the state’s digital infrastructures as soon as possible. But the background of the relationship between China and Alibaba, and other state initiatives against technology companies, suggest that this is a new action by the institutions of the Asian country meant to teach a lesson to one of its leading companies and to strengthen its control over the private sector.

In addition to the rule under which it has now punished Alibaba, the Chinese Government has also recently asked Jack Ma’s company and Tencent to migrate their private operators’ data to a state-backed cloud system, according to Reuters.

On the other hand, China’s repeated attacks on Alibaba and other big tech companies, from billion-dollar fines to the removal of apps from the app stores in the Asian country, through limitations of various kinds and the ostracism of big businessmen.